SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, April 29th 2019

SANS ISC Handlers

News, Tech News


🗓️ 29 April 2019

⏱️ 5 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WebLogic Update; Docker Hub Breach;

Transcript


0:00.0

Hello, welcome to the Monday, April 29th, 2019 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Augusta, Georgia.

0:14.3

Friday I mentioned that there is a new vulnerability in WebLogic and that several exploits had been released for

0:24.0

this vulnerability. It wasn't however clear whether or not this vulnerability had been patched

0:29.5

before because the original author of the exploits did use an old 2018 CVE number for it.

0:38.3

On Friday, Oracle did release an advisory stating that this is indeed a new vulnerability

0:45.3

that had not been patched by any prior critical patch update.

0:51.3

Oracle did label this vulnerability CVE-2019-2725. On Friday, Oracle did release a patch for WebLogic

1:02.8

10.3.6.0. This patch is what Oracle calls an overlay. There are two versions of this overlay patch.

1:13.5

One is for you to apply if you already applied the January patches or the second one if you have applied the April patches.

1:22.1

Now as I am recording this, there is no patch for 12.1.3.0. For this version of WebLogic, Oracle has promised the patch

1:32.6

for this Monday, so by the time you're listening to it, maybe the patch is already available.

1:39.0

And just like for the 10.3.6 version, there should be two patches available, one if you already applied the January update, and

1:48.3

then one if you applied the April update.

1:52.2

So I think at this point, if you're running 12 and you haven't seen the patch yet, at the

1:57.8

very least, make sure that you're either running the January or April

2:02.5

version that you applied all of those patches, so you're ready to go once the update arrives

2:09.1

from Oracle. And of course, if you are running 10.3.6, then by all means apply Oracle's

2:16.1

patch. I have tested the exploit that was released.

2:20.3

It works like a charm.

2:22.3

One of them makes it really trivial to upload a web shell to an affected server.

2:28.3

Assume that at this point your server already has at least been attacked, if not already been compromised.

2:36.3

We have seen a couple of crypto coin miners being installed in our honeypot.

...
